{"id":563,"date":"2013-10-01T13:22:59","date_gmt":"2013-10-01T11:22:59","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=563"},"modified":"2013-10-01T13:22:59","modified_gmt":"2013-10-01T11:22:59","slug":"flowdroid-implicit-flows","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2013\/10\/01\/flowdroid-implicit-flows\/","title":{"rendered":"FlowDroid Now Supports Implicit Flows"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_563 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_563')){$('.twoclick_social_bookmarks_post_563').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blogs.uni-paderborn.de\\\/sse\\\/2013\\\/10\\\/01\\\/flowdroid-implicit-flows\\\/\",\"post_id\":563,\"post_title_referrer_track\":\"FlowDroid+Now+Supports+Implicit+Flows\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p><a title=\"FlowDroid \u2013 Taint Analysis\" href=\"http:\/\/sseblog.ec-spride.de\/tools\/flowdroid\/\">FlowDroid<\/a> is our taint analysis tool to automatically scan Android applications for privacy-sensitive data leaks. While we have already shown FlowDroid to be highly precise and effective for explicit data flows through assignments and method calls, the tool now also supports the detection of leaks through control-flow dependencies. This protects against malware trying to disguise data flows through conditionals. If an app for instance does not directly send out the number 123, but sends 123-times the word &#8220;hello&#8221;, the attacker gains the same information as if the app had directly sent the value directly. The new version of FlowDroid derives that the &#8220;hello&#8221; message depends on the secret numeric value and therefore treats it as a leak as well though the data being sent does not directly contain any sensitive characters. To use this support for implicit flow, check out the <em>develop<\/em> branch on GitHub.<\/p>\n<p>The feature can be activated using the &#8220;&#8211;implicit&#8221; option in the command-line tool or by programatically calling &#8220;Infoflow.setEnableImplicitFlows(true)&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>FlowDroid is our taint analysis tool to automatically scan Android applications for privacy-sensitive data leaks. While we have already shown FlowDroid to be highly precise and effective for explicit data flows through assignments and method calls, the tool now also &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2013\/10\/01\/flowdroid-implicit-flows\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6601,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-563","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6601"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=563"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/563\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}